Maintaining the security of computer systems is a difficult problem. One way that computer systems are secured is through the use of cryptography. Cryptographic systems rely on one or more cryptographic keys to protect information. In many situations the security of the cryptographic keys is paramount because access to the cryptographic keys allows access to the data that is being protected. One way that cryptographic keys can be secured is through the use of a Hardware Security Module (“HSM”). Generally speaking, an HSM may be a physical computing device that safeguards cryptographic keys by storing the cryptographic keys within a tamper-resistant physical device. HSMs provide cryptographic key generation and storage and perform cryptographic operations for authorized clients of the HSM. In general, cryptographic keys are not exportable from the HSM in an unprotected form.
In large-scale computing environments, the demand for cryptographic operations may exceed the capabilities of a single HSM. To improve the performance of a distributed computing environment, multiple HSMs may be used to provide cryptographic functions to various servers and clients throughout the distributed environment, and cryptographic keys may be synchronized between the multiple HSMs. Synchronizing cryptographic keys across multiple HSMs can be difficult, because security features of the HSMs impede the transfer of information directly from one HSM in the fleet to another HSM in the fleet in an unencrypted form.